Filtered by vendor Videowhisper
Subscribe
Filtered by product Videowhisper Live Streaming Integration
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-12504 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-07-17 | N/A | 6.4 MEDIUM |
| The Broadcast Live Video – Live Streaming : HTML5, WebRTC, HLS, RTSP, RTMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_hls' shortcode in all versions up to, and including, 6.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2025-48255 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-07-17 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in videowhisper Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP allows Cross Site Request Forgery. This issue affects Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP: from n/a through 6.2.4. | |||||
| CVE-2023-25699 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-04-15 | N/A | 9.0 CRITICAL |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This issue affects VideoWhisper Live Streaming Integration: from n/a through 5.5.15. | |||||
| CVE-2014-1908 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-04-12 | 5.0 MEDIUM | N/A |
| The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
| CVE-2014-4569 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter. | |||||
| CVE-2014-1905 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2025-04-12 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename. | |||||
| CVE-2014-2297 | 1 Videowhisper | 1 Videowhisper Live Streaming Integration | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. NOTE: vector 1 may overlap CVE-2014-1906.4. | |||||